Not for RDP - at least, it's never been that for any installation I've done. It's always been from "Remote Management Computers" for me. I've had to add Internal Network to the FROM tab each time.

t

On 5/20/06 12:27 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:

> You sure the default System Policy isn't Internal to Local Host?
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>> Sent: Saturday, May 20, 2006 2:13 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: Customizing Lockdown Policy
>>
>> But if you edit the system policy, you can change the "to/from" on those
>> defined rules. For instance, the default RDP system policy is not
>> "Allowing Remote Desktop Protocol (RDP) from Internal to Local Host" as you
>> have below - it is RDP from the default "Remote Management Computers"
>> Computer Set. This set is empty by default unless you installed ISA via
>> RDP, in which case it automatically populates the box you installed it from
>> (which is pretty damn smart, if you asked me.)
>>
>> If you wanted RDP from Internal to LH available while the system was in
>> lockdown, you would have to edit the system policy for Terminal Services
>> (RDP.)
>>
>> t
>>
>> On 5/20/06 12:11 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:
>>
>>> Hi Jim,
>>>
>>> I thought lockdown policy was limited to:
>>>
>>> * Allowing hosts in the Internal network element to access the
>>>   Local Host network element using the firewall's administration protocol.
>>> * Allowing Remote Desktop Protocol (RDP) from Internal to Local Host.
>>> * Allowing ICMP ping from Internal to Local Host.
>>> * Allowing DHCP from any host to Local Host.
>>> * Outgoing traffic from the firewall to any destination
>>> * Traffic that already has a connection element (this allows
>>>   stopping the firewall service without disrupting existing connections)
>>> * Traffic that is to/from the allowed range determined by using FWENGMON
>>>
>>> Thanks!
>>> Tom
>>>
>>> Thomas W Shinder, M.D.
>>> Site: www.isaserver.org
>>> Blog: http://blogs.isaserver.org/shinder/
>>> Book: http://tinyurl.com/3xqb7
>>> MVP -- ISA Firewalls
>>>
>>>> -----Original Message-----
>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>>>> Sent: Saturday, May 20, 2006 1:52 PM
>>>> To: isapros@xxxxxxxxxxxxx
>>>> Subject: [isapros] Re: Customizing Lockdown Policy
>>>>
>>>> Sorta.
>>>> Lockdown allows all the system policy traffic.
>>>> Thus, if you want to change the traffic profile for lockdown, you can do
>>>> it via system policy management.
>>>>
>>>> It's not as flexible as array policies, but it covers 99.444% of what
>>>> the ISA admin needs to bring the server back to life.
>>>>
>>>> -----Original Message-----
>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>>> On Behalf Of Thomas W Shinder
>>>> Sent: Saturday, May 20, 2006 11:45 AM
>>>> To: isapros@xxxxxxxxxxxxx
>>>> Subject: [isapros] Customizing Lockdown Policy
>>>>
>>>> Hey guys,
>>>>
>>>> I know there is a default lockdown policy, but I was wondering while
>>>> watering the flowers this morning if there was a method to customize the
>>>> lockdown policy, other than using FWENGMON?
>>>>
>>>> Thanks!
>>>> Tom
>>>>
>>>> Thomas W Shinder, M.D.
>>>> Site: www.isaserver.org <http://www.isaserver.org/>
>>>> Blog: http://blogs.isaserver.org/shinder/
>>>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
>>>> MVP -- ISA Firewalls